# Cryptographic Failures
A02:2021: Cryptographic Failures, previously known as Sensitive Data Exposure, is the risk that data is not adequately protected, which in practice means not (or not correctly) encrypted.
Almost every web application processes data. This data is sent over the internet and stored in databases on the application's server. Data subject to regulations (for example personal data under the GDPR), such as credit card numbers, health records and other sensitive information, needs to be protected. Typical failure points are:
- Usage of weak or broken cryptographic algorithms
- Usage of default keys and passwords
- Insecure key management (generation, storage, rotation)
- Misconfiguration of encryption functions (mode, initialization vector, padding, key derivation)
- Choice of framework native functions or libraries
Never implement your own cryptographic functions!
When using Node.js based frameworks, one can use the native `crypto` module.
However, this module makes no choices for you: algorithm, mode, key derivation, initialization vector and authentication tag all have to be configured explicitly to meet the recommendations in the literature.
Usage of crypto-js is recommended here because of its secure defaults. Be aware, though, that upstream development of crypto-js has been discontinued, and that its passphrase-based `AES.encrypt(message, passphrase)` form derives the key with OpenSSL's legacy MD5-based scheme (`EVP_BytesToKey`, one iteration): derive a proper key yourself and pass it explicitly instead of a passphrase string.
# Spring Boot
Spring Boot applications get encryption support from Spring Security's crypto module, whose `Encryptors` factory creates `BytesEncryptor` (byte arrays) and `TextEncryptor` (strings) instances; each instance both encrypts and decrypts. For both types there is a baseline variant, `Encryptors.standard()` for bytes and `Encryptors.text()` for text, that uses AES in CBC mode without authentication and is therefore not sufficient, and a stronger variant, `Encryptors.stronger()` for bytes and `Encryptors.delux()` for text (note the spelling: `delux`, not `deluxe`), that uses AES-256 in GCM mode with a PBKDF2-derived key and provides the level of security OWASP recommends. All four take a password and a salt: the salt must be a random hex-encoded value (for example from `KeyGenerators.string().generateKey()`), and the password must come from configuration or a secret store, never from source code.